Microsoft releases emergency security update

Microsoft is doing something unusual and issuing an emergency security update to fix a recently disclosed vulnerability that affects various web platforms.

Normally Vole would wait until its next patch Tuesday to release such an update, but it decided that this one could not wait.

The vulnerability allows hackers to exploit hash tables to cause a denial of service (DoS) attack.

Vole points out that other web service software providers can be brought to their knees in the same way.

N.runs, the research outfit which spotted the flaw, says the vulnerability has been discovered to impact PHP 5, Java, .NET, and Google’s v8, while PHP 4, Ruby, and Python are somewhat vulnerable. The Ruby security team has addressed it.

Vole is worried because it hits all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages.

The update fixes all vulnerabilities in all supported releases of Microsoft Windows.

The bulletan can be found here for any web server operators that are working this week.